diff --git a/docs/en-US/vnmc-cisco.xml b/docs/en-US/vnmc-cisco.xml
index adcaaeac8d0..fc3b2172284 100644
--- a/docs/en-US/vnmc-cisco.xml
+++ b/docs/en-US/vnmc-cisco.xml
@@ -39,63 +39,107 @@
&PRODUCT; supports Cisco VNMC on Cisco Nexus 1000v dvSwich-enabled VMware
hypervisors.
-
- Guidelines
-
- Cisco ASA 1000v firewall is supported only in Isolated Guest Networks.
-
- Cisco ASA 1000v firewall is not supported on VPC.
-
- Cisco ASA 1000v firewall is not supported for load balancing.
-
- When a guest network is created with Cisco VNMC firewall provider, an additional
- public IP is acquired along with the Source NAT IP. The Source NAT IP is used for the
- rules, whereas the additional IP is used to for the ASA outside interface. Ensure that
- this additional public IP is not released. You can identify this IP as soon as the network
- is in implemented state and before acquiring any further public IPs. The additional IP is
- the one that is not marked as Source NAT. You can find the IP used for the ASA outside
- interface by looking at the Cisco VNMC used in your guest network.
-
-
- Use the public IP address range from a single subnet. You cannot add IP addresses from
- different subnets.
-
-
- Only one ASA instance per VLAN is allowed because multiple VLANS cannot be trunked to ASA ports. Therefore, you can use only one ASA instance in a guest network.
-
-
- Supported only in Inline mode deployment with load balancer.
-
-
-
-
-
Using Cisco ASA 1000v Firewall, Cisco Nexus 1000v dvSwitch, and Cisco VNMC in a
Deployment
-
- Prerequisites
+
+ Guidelines
- Ensure that Cisco ASA 1000v appliance is set up externally and then registered with
- &PRODUCT; by using the admin API. Typically, you can create a pool of ASA 1000v
- appliances and register them with &PRODUCT;.
- Specify the following to set up a Cisco ASA 1000v instance:
+ Cisco ASA 1000v firewall is supported only in Isolated Guest Networks.
+
+
+ Cisco ASA 1000v firewall is not supported on VPC.
+
+
+ Cisco ASA 1000v firewall is not supported for load balancing.
+
+
+ When a guest network is created with Cisco VNMC firewall provider, an additional
+ public IP is acquired along with the Source NAT IP. The Source NAT IP is used for the
+ rules, whereas the additional IP is used to for the ASA outside interface. Ensure that
+ this additional public IP is not released. You can identify this IP as soon as the
+ network is in implemented state and before acquiring any further public IPs. The
+ additional IP is the one that is not marked as Source NAT. You can find the IP used for
+ the ASA outside interface by looking at the Cisco VNMC used in your guest
+ network.
+
+
+ Use the public IP address range from a single subnet. You cannot add IP addresses
+ from different subnets.
+
+
+ Only one ASA instance per VLAN is allowed because multiple VLANS cannot be trunked
+ to ASA ports. Therefore, you can use only one ASA instance in a guest network.
+
+
+ Only one Cisco VNMC per zone is allowed.
+
+
+ Supported only in Inline mode deployment with load balancer.
+
+
+ The ASA firewall rule is applicable to all the public IPs in the guest network.
+ Unlike the firewall rules created on virtual router, a rule created on the ASA device is
+ not tied to a specific public IP.
+
+
+ Supported version of Cisco Nexus 1000v dvSwitch is nexus-1000v.4.2.1.SV1.5.2b.bin and beyond.
+
+
+
+
+
+ Prerequisites
+
+
+ Configure Cisco Nexus 1000v dvSwitch in a vCenter environment.
+ Create Port profiles for both internal and external network interfaces on Cisco
+ Nexus 1000v dvSwitch. Note down the inside port profile, which needs to be provided
+ while adding the ASA appliance to &PRODUCT;.
+ For information on configuration, see .
+
+
+ Deploy and configure Cisco VNMC.
+ For more information, see Installing Cisco Virtual Network Management Center and Configuring Cisco Virtual Network Management Center.
+
+
+ Register Cisco Nexus 1000v dvSwitch with Cisco VNMC.
+ For more information, see Registering a Cisco Nexus 1000V with Cisco VNMC.
+
+
+ Create Inside and Outside port profiles in Cisco Nexus 1000v dvSwitch.
+ For more information, see .
+
+
+ Deploy and Cisco ASA 1000v appliance.
+ For more information, see Setting Up the ASA 1000V Using VNMC.
+ Typically, you create a pool of ASA 1000v appliances and register them with
+ &PRODUCT;.
+ Specify the following while setting up a Cisco ASA 1000v instance:
- ESX host IP
+ VNMC host IP.
- Standalone or HA mode
+ Ensure that you add ASA appliance in VNMC mode.
Port profiles for the Management and HA network interfaces. This need to be
- pre-created on Nexus dvSwitch switch.
+ pre-created on Cisco Nexus 1000v dvSwitch.
- Port profiles for both internal and external network interfaces. This need to be
- pre-created on Nexus dvSwitch switch, and to be updated appropriately while
- implementing guest networks.
+ Internal and external port profiles.
The Management IP for Cisco ASA 1000v appliance. Specify the gateway such that
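Review bot: The added guideline that an ASA firewall rule "is applicable to all the public IPs in the guest network" changes how far a rule reaches compared with virtual router rules, so it should be a note or warning element rather than one plain item in the Guidelines list; an operator who expects per-IP scoping would otherwise allow traffic to every public IP in the network with a single rule. Smaller points in the added text: "Deploy and Cisco ASA 1000v appliance." is missing a verb, the moved paragraph still reads "is used to for the ASA outside interface", and the two "see ." references show no target as rendered here, so check that each cross-reference resolves. The prerequisites also ask for port profiles twice ("Create Port profiles for both internal and external network interfaces" and "Create Inside and Outside port profiles"); merge the two steps or state how they differ.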
@@ -108,19 +152,13 @@
VNMC credentials
+
+
+ Register Cisco ASA 1000v with VNMC.
After Cisco ASA 1000v instance is powered on, register VNMC from the ASA
console.
-
- Ensure that Cisco VNMC appliance is set up externally and then registered with
- &PRODUCT; by using the admin API. A single VNMC instance manages multiple ASA1000v
- appliances.
-
-
- Ensure that Cisco Nexus 1000v appliance is set up and configured in &PRODUCT; when
- adding VMware cluster.
-
-
+
Using Cisco ASA 1000v Services
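Review bot: The removed paragraphs at the end of this hunk drop two statements that the new prerequisite list does not restate: that the Cisco Nexus 1000v appliance must be "set up and configured in &PRODUCT; when adding VMware cluster", and that "A single VNMC instance manages multiple ASA1000v appliances". The new steps cover configuring the dvSwitch in vCenter and registering it with VNMC, but not the &PRODUCT; side, so either keep a step for it or point to the section that covers it. The new step title "Register Cisco ASA 1000v with VNMC." is also followed by unchanged text saying "register VNMC from the ASA console"; word both the same way so the direction of the registration is unambiguous.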
@@ -165,7 +203,7 @@
Choose the zone you want to work with.
- Click the Network tab.
+ Click the Physical Network tab.
In the Network Service Providers node of the diagram, click Configure.
@@ -175,7 +213,7 @@
Click Cisco VNMC.
- Click View VNMC Devices
+ Click View VNMC Devices.
Click the Add VNMC Device and provide the following:
@@ -213,7 +251,7 @@
Choose the zone you want to work with.
- Click the Network tab.
+ Click the Physical Network tab.
In the Network Service Providers node of the diagram, click Configure.
@@ -229,15 +267,16 @@
Click the Add CiscoASA1000v Resource and provide the following:
- Host: The management IP address of the ASA 1000v instance. The IP address is used
- to connect to ASA 1000V.
+ Host: The management IP address of the ASA 1000v
+ instance. The IP address is used to connect to ASA 1000V.
- Inside Port Profile: The Inside Port Profile configuration on Cisco Nexus1000v
- dvSwitch.
+ Inside Port Profile: The Inside Port Profile
+ configured on Cisco Nexus1000v dvSwitch.
- Cluster: The VMware cluster to which you are adding the ASA 1000v instance.
+ Cluster: The VMware cluster to which you are
+ adding the ASA 1000v instance.
Ensure that the cluster is Cisco Nexus 1000v dvSwitch enabled.
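Review bot: Product naming is inconsistent in the lines this hunk rewrites: the Host entry uses both "ASA 1000v" and "ASA 1000V" in consecutive sentences, and the Inside Port Profile entry has "Nexus1000v" without the space used everywhere else ("Cisco Nexus 1000v dvSwitch"). Since these lines are being touched anyway, normalise them here. The Inside Port Profile entry could also say that this is the inside port profile the prerequisites tell the reader to note down, so the two sections visibly tie together.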